firestore_access_policy
Define who can read, create, update, and delete Firestore and Storage resources in Dart, then generate firestore.rules and storage.rules from one source of truth.
Install
dependencies:
firestore_access_policy: ^0.3.1
Generate rules (in memory)
final text = const FirestoreRulesGenerator().generate(firestoreRulesFile);
Optional header comments in generated rules
Banner comments at the top of emitted firestore.rules / storage.rules are optional and fully controlled by your app. Set FirestoreRulesFile.headerComment (or StorageRulesFile.headerComment) when you build the file; omit it for no header.
Use this for project-specific notes (deploy path, diff commands, etc.). The library does not inject app names or deploy instructions by default. For a neutral template, see example/firestore_access_policy_example.dart or RulesFileDefaults.firestoreHeaderComment.
Write to a custom file (won't overwrite by default)
Use a different path than your hand-maintained firestore.rules. Default behaviour is fail if the file exists:
const generation = RulesGeneration();
await generation.writeFirestore(
myRulesFile,
const RulesOutputTarget(
path: 'firestore.generated.rules', // not firestore.rules
),
);
await generation.writeStorage(
myStorageRulesFile,
const RulesOutputTarget(path: 'storage.generated.rules'),
);
RulesWriteIfExists |
Behaviour |
|---|---|
fail (default) |
Throws if file exists — protects firestore.rules |
skip |
Leaves existing file unchanged |
overwrite |
Replaces file |
Patterns (member diff, parent group)
FirestoreRulesFile(
helpers: [
...MemberDiffPatterns.standardListMemberHelpers(),
ParentResourcePatterns.groupMemberByIdHelper(),
],
policies: [
AccessPolicy(
path: ResourcePath.parse('lists/{listId}'),
rules: {
PolicyAction.update: [
PolicyRule(
And([
InMapKeys('members'),
MemberDiffPatterns.allowedMemberMapUpdate(),
]),
),
],
},
),
],
);
CLI
Pipe generated text to a safe output path:
dart run tool/my_policies.dart | dart run firestore_access_policy:generate_rules \
--firestore-out=firestore.generated.rules --stdin
See dart run firestore_access_policy:generate_rules --help.
Rules test skeleton
const RulesTestGenerator().generate(
packageName: 'my_app',
policies: catalog,
);
Produces a test/ file with cases to wire to Firebase Rules unit tests.
Roadmap
| Step | Status |
|---|---|
| Policy model + conditions | Done |
| Firestore + Storage emitters | Done |
| Safe custom output paths | Done (0.3) |
| Member-diff / parent-resource patterns | Done (0.3) |
| Rules test generator + CLI | Done (0.3) |
| Advanced patterns + Rules emulator harness | Future |
Automated publishing
Tag v0.3.1 on main after bumping pubspec.yaml — see dart.dev automated publishing (v{{version}} on pub.dev).
License
MIT — see LICENSE.
Libraries
- firestore_access_policy
- Declarative Firestore and Storage access policies with rules generation.